Re: Changed SSL Certificates

On Fri, Apr 8, 2011 at 2:21 PM, Carlos Mennens <carlos(dot)mennens(at)gmail(dot)com>wrote:

> On Fri, Apr 8, 2011 at 1:15 PM, Diego Schulz <dschulz(at)gmail(dot)com> wrote:
> > Hi,
> > When linking to the certificate and key you should specify the full path.
> > ln -s /etc/ssl/certs/db1_ssl.crt /full/path/to/db1_ssl.crt
> > ln -s /etc/ssl/private/db1_ssl.key /full/path/to/db1_ssl.key
>
> Thanks for the quick reply Diego. I posted the commands above and I
> used the full path to the certificates as you can see. Here's the
> info:
>
> lrwxrwxrwx 1 postgres postgres 26 Apr 8 10:43 db1_ssl.crt ->
> /etc/ssl/certs/db1_ssl.crt
> lrwxrwxrwx 1 postgres postgres 28 Apr 8 10:50 db1_ssl.key ->
> /etc/ssl/private/db1_ssl.key
>
> The 1st part is just the symbolic link referenced in
> /var/lib/postgresql/8.4/main but you can see it knows to reference the
> symbolic links to /etc/ssl/...
>
> I'm thinking there's some random configuration file for PostgreSQL
> that has pointers to the old server.crt and server.key files but I've
> searched /etc/postgres/ and /var/lib/postgresql/8.4/main completely
> and can't find it what so ever. I am not authorized to disable SSL per
> DoD standards / requirements sadly.
>
> Any thing else I am missing? I can't be the 1st person to switch SSL
> certificates during utilization.
>
>
Make sure the files have the right ownership and permissions.
It looks like ownership is correct (postgres:postgres) but permissions might
be too loose.
Try chmod 400 on your key and certificate and see what happens.

cheers,

diego